Merge pull request #7669 from erik-krogh/fieldUnusedInDisjunct

QL: field unused in disjunct

ql/ql/src/queries/performance/VarUnusedInDisjunct.ql

@@ -17,8 +17,16 @@ import ql
  */
 pragma[noinline]
 predicate alwaysBindsVar(VarDef var, AstNode node) {
-  // base case
-  node.(VarAccess).getDeclaration() = var and
+  (
+    // base case
+    node.(VarAccess).getDeclaration() = var
+    or
+    exists(Class clz |
+      node.(FieldAccess).getDeclaration().getVarDecl() = var and
+      node.(FieldAccess).getDeclaration() = clz.getAField() and // <- ensuring that the field is not inherited from a super class
+      node.getEnclosingPredicate() = clz.getCharPred() // <- in non-charpred, the fields are implicitly bound by their relation to `this`.
+    )
+  ) and
   not isSmallType(var.getType()) // <- early pruning
   or
   // recursive cases
@@ -205,8 +213,9 @@ predicate badDisjunction(EffectiveDisjunction disj, VarDef var) {
   not isTinyAssignment(disj.getAnOperand())
 }
 
-from EffectiveDisjunction disj, VarDef var
+from EffectiveDisjunction disj, VarDef var, string type
 where
   badDisjunction(disj, var) and
-  not badDisjunction(disj.getParent(), var) // avoid duplicate reporting of the same error
-select disj, "The variable " + var.getName() + " is only used in one side of disjunct."
+  not badDisjunction(disj.getParent(), var) and // avoid duplicate reporting of the same error
+  if var.getParent() instanceof FieldDecl then type = "field" else type = "variable"
+select disj, "The $@ is only used in one side of disjunct.", var, type + " " + var.getName()

ql/ql/test/queries/performance/VarUnusedInDisjunct/Test.qll

@@ -157,11 +157,12 @@ predicate good7() {
   )
 }
 
-// TOOD: Next test, this one is
-string good8(int bitSize) {
-  if bitSize != 0
-  then bitSize = 1 and result = bitSize.toString()
-  else (
-    if 1 = 0 then result = "foo" else result = "bar"
-  )
+class HasField extends Big {
+  Big field;
+
+  HasField() {
+    field = this
+    or
+    this.toString().matches("%foo") // <- field only defined here.
+  }
 }

ql/ql/test/queries/performance/VarUnusedInDisjunct/VarUnusedInDisjunct.expected

@@ -1,8 +1,9 @@
-| Test.qll:14:3:16:7 | Disjunction | The variable b is only used in one side of disjunct. |
-| Test.qll:21:5:23:37 | Disjunction | The variable big is only used in one side of disjunct. |
-| Test.qll:28:3:30:33 | Disjunction | The variable t is only used in one side of disjunct. |
-| Test.qll:49:3:53:26 | Disjunction | The variable toType is only used in one side of disjunct. |
-| Test.qll:74:8:74:77 | Disjunction | The variable bad is only used in one side of disjunct. |
-| Test.qll:115:26:115:80 | IfFormula | The variable bb is only used in one side of disjunct. |
-| Test.qll:127:5:129:9 | Disjunction | The variable a is only used in one side of disjunct. |
-| Test.qll:132:5:134:9 | Disjunction | The variable a is only used in one side of disjunct. |
+| Test.qll:14:3:16:7 | Disjunction | The $@ is only used in one side of disjunct. | Test.qll:13:16:13:20 | b | variable b |
+| Test.qll:21:5:23:37 | Disjunction | The $@ is only used in one side of disjunct. | Test.qll:20:10:20:16 | big | variable big |
+| Test.qll:28:3:30:33 | Disjunction | The $@ is only used in one side of disjunct. | Test.qll:27:12:27:16 | t | variable t |
+| Test.qll:49:3:53:26 | Disjunction | The $@ is only used in one side of disjunct. | Test.qll:48:30:48:39 | toType | variable toType |
+| Test.qll:74:8:74:77 | Disjunction | The $@ is only used in one side of disjunct. | Test.qll:70:9:70:15 | bad | variable bad |
+| Test.qll:115:26:115:80 | IfFormula | The $@ is only used in one side of disjunct. | Test.qll:115:16:115:21 | bb | variable bb |
+| Test.qll:127:5:129:9 | Disjunction | The $@ is only used in one side of disjunct. | Test.qll:125:16:125:20 | a | variable a |
+| Test.qll:132:5:134:9 | Disjunction | The $@ is only used in one side of disjunct. | Test.qll:125:16:125:20 | a | variable a |
+| Test.qll:164:5:166:35 | Disjunction | The $@ is only used in one side of disjunct. | Test.qll:161:3:161:11 | field | field field |